The week in security: Malware growth leaves Australian CIOs unprepared

David Braue |
April 22, 2013

CIOs may only have glimpses of the future of mobile security, but security firm Bitdefender believes one of the recurring issues will be the continued channelling of private information even from paid-for apps in the Android Play app store.

CIOs may only have glimpses of the future of mobile security, but security firm Bitdefender believes one of the recurring issues will be the continued channelling of private information even from paid-for apps in the Android Play app store. That's a more immediate but no less worrying threat than a targeted Android attack against Uyghur activists, discovered by Kaspersky Lab security analysts and reflective of a growing Android malware profile that's being addressed by the release of tools like AVG's free new 'TuneUp' app.

Tapping into skilled students' hacking abilities has become an increasingly popular practice. Melbourne's Deakin University and Sydney's Macquarie University, for example, have partnered with Trend Micro to develop and test big-data analysis techniques to better understand the cybersecurity threats facing Australian companies. And the US National Security Agency has tried an interesting approach by pitting its top hackers against university-age security enthusiasts from three top-tier military academies. Whether or not their collective minds will be able to improve the detection of and response to sneaky malware like the new Win32/Nemim.gen!A - which hides key files to avoid detection and analysis - is yet to be seen.

Some security technologies are proving problematic all on their own, with around half of online shoppers oftenprevented from completing online purchases because they can't get their security credentials to work. Maybe they need to look at brain-powered passwords, or simply find a better authentication provider in a field that's become more powerful with the release of a white-label authentication solution for Australian service providers.

Some law-enforcement authorities were suggesting the Find My Mac feature of Apple's OS X lacks enough information to enable legal recovery of the device, while analysis of a hack of supermarket chain Schnucks found it took the company two weeks to find out how credit and debit card information on up to 2.4 million customers had been compromised.

Another analysis found malware that's targeting online share trading software, while a new variant of the Gozi banking Trojan infects a computer's Master Boot Record (MBR) to confound its removal. Aiming to confound malware targeted at financial-services targets, a Cambridge University spinoff has developed a new form of protection against 'man-in-the-browser' Trojan attacks, with a mobile device-based visual image security system to improve authentication.

In this and other cases it's important to keep an open mind: many companies are in denial about the insider threat to data security, a new survey said, with nearly half of UK employers trusting their workers not to steal company information. But you don't have to be a big business to get compromised: a Symantec study found that cyber-criminals are increasingly targeting vulnerable small businesses as easy prey. Others, though, continue to aim higher - and, as one 21-year-old British hackerand the co-founder of Pirate Bay found out, sometimes getting caught for it.